dqqy64515
2017-10-22 11:17
浏览 89
已采纳

php password_hash和password_verify失败

Basic question but I keep failing. Have checked out similar topics but didn't get closer to the solution, so please don't redirect me just point out what I'm missing. Thank you.

<?php 

$hashed_password = "";
$con = mysqli_connect("localhost", "root", "", "testTable");

if (isset($_POST["reg_button"])){

$password = ($_POST["reg_password"]);

$hashed_password = password_hash($password, PASSWORD_DEFAULT);

$query = mysqli_query($con, "INSERT INTO user VALUES('', '$hashed_password')");

}
?>

<!DOCTYPE html>
<html>
<head>
    <title>register</title>
</head>
<body>
    <form action="register.php" method="POST">
        <input type="password" name="reg_password" placeholder="Password">
        <br><br>
        <input type="submit" name="reg_button" value="Register">
    </form>
    <br>
    <form action="login.php" method="POST">
        <input type="password" name="login_password" placeholder="Password">
        <br><br>
        <input type="submit" name="login_button" value="Login">
    </form>
</body>
</html>

This is the registering part and it is working flawlessly. The provided password is getting hased and stored in the DB.

<?php

include "register.php";

$con = mysqli_connect("localhost", "root", "", "testTable");

if(isset($_POST["login_button"])){

    $password = password_verify($_POST["login_password"], $hashed_password);

    $checkDB = mysqli_query($con, "SELECT * FROM user WHERE password = '$password'");

    $checkLogin = mysqli_num_rows($checkDB);

    if($checkLogin == 1){
        $row = mysqli_fetch_array($checkDB);

        echo "Welcome";
    }

    else {
        echo "Password incorrect";
    }
}
?>

This is the login part and it always fails. I suspect the following snippet to be the culprit:

$password = password_verify($_POST["login_password"], $hashed_password);

but have no idea how to fix it.

Any help would be great. Thank you!

UPDATED CODE:

register.php:

<?php 

$hashed_password = "";
$name = "";
$con = mysqli_connect("localhost", "root", "", "testTable");

if (isset($_POST["reg_button"])){

    $password = ($_POST["reg_password"]);
    $name = ($_POST["reg_name"]);

    $hashed_password = password_hash($password, PASSWORD_DEFAULT);

    $query = mysqli_query($con, "INSERT INTO user VALUES('', '$name','$hashed_password')");

}
?>

<!DOCTYPE html>
<html>
<head>
    <title>register</title>
</head>
<body>
    <form action="register.php" method="POST">
        <input type="text" name="reg_name" placeholder="Name">
        <br><br>
        <input type="password" name="reg_password" placeholder="Password">
        <br><br>
        <input type="submit" name="reg_button" value="Register">
    </form>
    <br>
    <form action="login.php" method="POST">
        <input type="text" name="login_name" placeholder="Name">
        <br><br>
        <input type="password" name="login_password" placeholder="Password">
        <br><br>
        <input type="submit" name="login_button" value="Login">
    </form>
</body>
</html>

login.php:

<?php

include "register.php";

$con = mysqli_connect("localhost", "root", "", "testTable");

if(isset($_POST["login_button"])){

    $name = $_POST['login_name'];
    $password = $_POST['login_password'];

    $checkDB = mysqli_query($con, "SELECT * FROM user WHERE name = '$name'");

    $passwordField = null;

    while($getRow = mysqli_num_rows($checkDB)){
        $passwordField = $getRow['password']; // Get hashed password
    }

    if(password_verify($password, $passwordField)){
        echo('Correct');
    }else{
        echo('Wrong');
    }
}
?>
  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

2条回答 默认 最新